A financial penalty of $4,000 was imposed on Tanah Merah Country Club for failing to put in place reasonable security arrangements to protect the personal data of individuals stored on its electronic direct mail (“EDM”) system. The common password for login to the EDM system was weak and had not been changed since 2010. There were also no arrangements in place to ensure and enforce password strength, expiry and protection.

An application for reconsideration was filed against the decision Re Tanah Merah Country Club. Upon review and careful consideration of the application, directions in the decision were varied.

Click here to find out more.